"I hope that Fundamentals of Smart Contract Security will draw more cybersecurity minded individuals to work in the blockchain space and enable developers to think more actively about programming defensively enabling them to stay on top of security best practices."
--Joseph Lubin, Founder of ConsenSys, Co-founder of Ethereum
"Now you don't have to be a researcher at MIT or a professional security auditor to understand how to build smart contracts, as their new book on Fundamentals of Smart Contract Security explains precisely how to secure smart contracts yourself! Also, as an added benefit, cutting-edge techniques such as symbolic execution are also given an excellent treatment."
--Harry Halpin, blockchain researcher at MIT and Inria de Paris
"In the wake of the BatchOverflow and ProxyOverlow bugs, a highly qualified Quantstamp worked fast and efficiently to help ensure ERC token contracts on our exchange were secure. We were impressed with their knowledge of the latest smart contract vulnerabilities, and their expertise in automated and manual auditing processes."
--Ted Lin, Chief Growth Officer, Binance
"The blockchain space is all about democratization. Up to now, auditing smart contracts to ensure their secure functioning has required arcane knowledge beyond the reach of all but the most experienced blockchain developers. The field is now open to any developer willing to put in the time and effort to read this book and practice its methods. For this reason, it's game-changing and an immensely valuable addition to the body of shared knowledge."
--Lane Rettig, Ethereum Core Developer
"Smart contracts and programmable money enable a wealth of new possibilities, but their immutable and public nature means security must be given top priority. This book will teach you how."
--Eric Ly, Co-founder, LinkedIn, and CEO of Hub Token
"The promise of blockchain won't be realized unless it can be used safely. This book shares insights from the team that knows best how to make that happen."
--Seth Bannon, Founding Partner of Fifty Years
"A timely and impressive resource written by a team that has been on top of smart contracts for years. They give us confidence about the future of smart contracts."
--Mick Hagen, Founder & CEO of Mainframe
"A valuable guide for anyone who is serious about smart contracts and their security. Quantstamp worked hand in hand with our smart contracts engineers and creators to ensure our smart contracts are were secure and our code quality was high."
--Omri Ross, Chief Blockchain Scientist, eToro
"Quantstamp has secured many high-value smart contracts and the expertise captured in this book is an important resource for all smart contracts developers."
--Noah Thorp, Vice President of Engineering, Sharespost
"If you're serious about security, follow the guidance in this book. Quantstamp has audited large-scale, mission-critical initiatives and their expertise in smart contracts security is unparalleled."
--Vansa Chatikavanij, CEO of OmiseGO
From the Author
Security is not a sexy subject--people take the security of their institutions for granted. As Douglas Adams, author of Hitchhiker's Guide to the Galaxy once humorously said, "It's somebody else's problem." Somebody is taking care of it. The brain just edits it out.
And yet, sometimes "somebody else's problem" becomes your problem. I remember the helpless feeling I felt on one warm summer day in June of 2016, when I watched my 1500 ether, the equivalent of $21,000 at the time, disappear. This later became known as "the DAO Attack" and it has completely changed my life.
I remember the eerie feeling of loss. I remember watching in disbelief. I remember the sick feeling in the pit of my stomach and asking myself, "How do I make sure I am never in this situation again?"
It was more than the loss of money. It was about feeling the disappointment of being violated and not being able to stop the perpetrator, seek justice, or make sure that it never happens again to me or others. Isn't the blockchain supposed to be secure?
It was 2016 and I had a front row seat to watch my money stolen, right in front of my eyes. I saw the action unfold on Twitter, as white hat hackers desperately tried to follow the attacker. To this day, the DAO hacker has not been caught.
Then came an even greater disappointment when I understood the full ramifications of the DAO Hack, which led to the Ethereum fork on July 20, 2016. I thought: "This is a huge setback. If this leads to people giving up on this technology we'll have lost years of progress."
We later learned the DAO Attack was a simple exploit. The DAO project was hacked on or about June 18th, 2016. The attacker drained more than 3.6m ether into a separate contract. The amount stolen was more than $50M at the time of the attack. Smart contracts hold millions of dollars of assets and are high-value targets.
Fast forward to July 2017--Steven Stewart and I co-founded Quantstamp, a company with a simple yet powerful mission: secure smart contracts to help normal people use them safely and proliferate this amazing technology to solve problems that haven't been solved before.
"The blockchain is secure, smart contracts are not," later became our go-to-line when we witnessed other hacks that have led to losses and disappointments. There was Parity's multi-signature wallet hack, which cost $30M. And then there was the user-triggered wallet freeze, which cost around $280M.
Our understanding of exploits is maturing as technology develops and new types of exploits are discovered. In a recent study done by the National University of Singapore, over 34,000 smart contracts were found to be potentially vulnerable to hacks.
At the same time, smart contracts are also rapidly gaining adoption. In the last 18 months alone, over $11 billion dollars has been raised via smart contracts. From only 500,000 smart contracts in existence a year ago to over 8,000,000 today, interest in smart contracts has grown exponentially. These systems are incredibly powerful, enabling large-scale economic systems to operate without any need for human intervention.
We believe programmable money is a key innovation, solving the problem of trust in an increasingly digital world. That is why we have written this book--our goal is to help the first billion people use blockchain in a safe and secure manner, and to truly make security "somebody else's problem."
Co-founder and CEO, Quantstamp, Inc.
October 30, 2018